GoFuckYourself.com - Adult Webmaster Forum - View Single Post

S3X_Jay · 01-25-2021, 06:59 AM

I tested it for a few weeks when I moved over to MojoHost last year. I opted not to continue using it, but I know what's involved and have everything configured so I can get it up and running quickly if there's ever an attack on my server.

They basically resell the StackPath WAF service (google it to see the marketing materials on it).

The basic idea is that people are vetted the first time they hit your site. The vetting is done by edge servers, so the attack traffic never gets near your server. That vetting process may involve a "Please wait…" type of dialog (which isn't the best user experience). Once the user is vetted things work much more quickly, BUT if your user does something suspicious they'll get that request blocked. If they do too many suspicious things, then their IP can get blocked. The issue is that things that are completely normal for your site may seem suspicious to StackPath. You'll need to write rules to allow those exceptions. If I remember correctly you're allowed a certain number of rules after which there's an additional charge. The point being it needs to be tuned and turning it on with no tuning may result in good requests and IPs being blocked.

The other issue is how its billed. It's billed per domain (domain & www-domain are included, subdomains are extra) and also on number of requests. So if you have a lot of sites on your server it can get expensive quickly. And if you have a lot of AJAX going on (and hence a lot of requests) the price can also be pretty steep. I tried it out on a pretty average forum site and the reason why I stopped after 2-3 weeks was because I was about to hit my monthly limit on pageviews.

Bottom line for me was it will be useful when there's an attack. I'll deploy it just as needed (site being attacked first, and then add other sites as they start getting attacked). The price might be steep if the attacker is persistent, but if I prorate the cost over all the months when I didn't use it, I can justify the outlay. It will absolutely stop an attack, and I'd rather give money to Mojohost than to an attacker.

01-25-2021, 06:59 AM
S3X_Jay Registered User Industry Role: Join Date: Dec 2020 Location: NYC (Harlem) Posts: 38	I tested it for a few weeks when I moved over to MojoHost last year. I opted not to continue using it, but I know what's involved and have everything configured so I can get it up and running quickly if there's ever an attack on my server. They basically resell the StackPath WAF service (google it to see the marketing materials on it). The basic idea is that people are vetted the first time they hit your site. The vetting is done by edge servers, so the attack traffic never gets near your server. That vetting process may involve a "Please wait…" type of dialog (which isn't the best user experience). Once the user is vetted things work much more quickly, BUT if your user does something suspicious they'll get that request blocked. If they do too many suspicious things, then their IP can get blocked. The issue is that things that are completely normal for your site may seem suspicious to StackPath. You'll need to write rules to allow those exceptions. If I remember correctly you're allowed a certain number of rules after which there's an additional charge. The point being it needs to be tuned and turning it on with no tuning may result in good requests and IPs being blocked. The other issue is how its billed. It's billed per domain (domain & www-domain are included, subdomains are extra) and also on number of requests. So if you have a lot of sites on your server it can get expensive quickly. And if you have a lot of AJAX going on (and hence a lot of requests) the price can also be pretty steep. I tried it out on a pretty average forum site and the reason why I stopped after 2-3 weeks was because I was about to hit my monthly limit on pageviews. Bottom line for me was it will be useful when there's an attack. I'll deploy it just as needed (site being attacked first, and then add other sites as they start getting attacked). The price might be steep if the attacker is persistent, but if I prorate the cost over all the months when I didn't use it, I can justify the outlay. It will absolutely stop an attack, and I'd rather give money to Mojohost than to an attacker. __________________ For the past 12+ years I've focused on building & running gay affiliate sites.